TechWeb

Microsoft Unveils "Non-Security" Update For IE

Feb 28, 2006 (12:02 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=181401418


Microsoft Tuesday updated Internet Explorer 6 for Windows XP SP2 and Windows Server 2003 SP1, but denied that the changes were security related.

"The update is labeled as 'non-security' given that it does not include any new updates that affect the security of IE," said a company spokesman Tuesday afternoon.

With the update in place, IE 6 won't run some ActiveX controls until they've been explicitly enabled by the user. Last December, Microsoft posted a note to Web site and ActiveX developers warning them that the change was coming. In that note, the Redmond, Wash.-based developer said that controls loaded by the APPLET, EMBED, or OBJECT elements would be disabled unless the user turned them on.

Although Microsoft says this is not a security update, its connection with ActiveX is reminiscent of several security fixes during 2005 that covered the browser and the control technology. Microsoft has struggled to firm up ActiveX security, particularly in denying controls that have no reason to access the Internet from doing so.

IE 7, which is in beta testing, actually disables most ActiveX controls out of the gate in an attempt to protect users.

The correction comes two weeks after Microsoft released its last patch for IE, a fix for IE 5.01 running on Windows 2000. Microsoft made a point to stress this update has nothing to do with the patch unveiled earlier in the month.

Tuesday's update is available from Microsoft's Download Center and as an option on Windows Update.